Merge branch '2.4' of github.com:MISP/MISP into stix2

2018-09-04 17:26:04 +02:00 · 2018-09-04 17:26:04 +02:00 · c0525eaf4d
parent d9370efcb9 15003c12e0
commit c0525eaf4d
11 changed files with 21 additions and 6 deletions
--- a/INSTALL/INSTALL.FreeBSD.txt
+++ b/INSTALL/INSTALL.FreeBSD.txt
@ -311,6 +311,7 @@ sudo service apache24 restart
 # To rotate these logs install the supplied logrotate script:

 sudo cp /usr/local/www/MISP/INSTALL/misp.logrotate /usr/local/etc/logrotate.d/misp
+chmod 0640 /usr/local/etc/logrotate.d/misp

 9/ MISP configuration
 ---------------------
--- a/INSTALL/INSTALL.debian9.txt
+++ b/INSTALL/INSTALL.debian9.txt
@ -302,6 +302,7 @@ sudo systemctl restart apache2
 # To rotate these logs install the supplied logrotate script:

 sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+chmod 0640 /etc/logrotate.d/misp

 9/ MISP configuration
 ---------------------
--- a/INSTALL/INSTALL.debian_testing.txt
+++ b/INSTALL/INSTALL.debian_testing.txt
@ -315,6 +315,7 @@ sudo systemctl restart apache2
 # To rotate these logs install the supplied logrotate script:

 sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+chmod 0640 /etc/logrotate.d/misp

 9/ MISP configuration
 ---------------------
--- a/INSTALL/INSTALL.kali.txt
+++ b/INSTALL/INSTALL.kali.txt
@ -350,6 +350,7 @@ function installMISPonKali() {
  systemctl restart apache2

  cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+  chmod 0640 /etc/logrotate.d/misp

  $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
  $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
@ -545,7 +546,6 @@ function installMISPonKali() {
  git clone git://github.com/stricaud/faup.git faup
  chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp
  cd faup
-  $SUDO git checkout 96f2a9a51428869cac2473422b70ace890d5d95d
  $SUDO mkdir -p build
  cd build
  $SUDO cmake .. && $SUDO make
--- a/INSTALL/INSTALL.rhel7.txt
+++ b/INSTALL/INSTALL.rhel7.txt
@ -251,6 +251,7 @@ firewall-cmd --reload
 # To rotate these logs install the supplied logrotate script:

 cp INSTALL/misp.logrotate /etc/logrotate.d/misp
+chmod 0640 /etc/logrotate.d/misp

 8.01/ Allow logrotate to work under SELinux and modify the log files
 semanage fcontext -a -t httpd_log_t "/var/www/MISP/app/tmp/logs(/.*)?"
--- a/INSTALL/INSTALL.ubuntu1804.txt
+++ b/INSTALL/INSTALL.ubuntu1804.txt
@ -205,6 +205,7 @@ sudo systemctl restart apache2
 # To rotate these logs install the supplied logrotate script:

 sudo cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+chmod 0640 /etc/logrotate.d/misp

 9/ MISP configuration
 ---------------------
--- a/INSTALL/xINSTALL.centos6.txt
+++ b/INSTALL/xINSTALL.centos6.txt
@ -206,6 +206,7 @@ service iptables save
 # To rotate these logs install the supplied logrotate script:

 cp INSTALL/misp.logrotate /etc/logrotate.d/misp
+chmod 0640 /etc/logrotate.d/misp

 9/ MISP configuration
 ---------------------
--- a/INSTALL/xINSTALL.centos7.txt
+++ b/INSTALL/xINSTALL.centos7.txt
@ -223,6 +223,7 @@ firewall-cmd --reload
 # To rotate these logs install the supplied logrotate script:

 cp INSTALL/misp.logrotate /etc/logrotate.d/misp
+chmod 0640 /etc/logrotate.d/misp

 # Now make logrotate work under SELinux as well
 # Allow logrotate to modify the log files
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@ -2335,7 +2335,7 @@ class EventsController extends AppController
                            ),
                        'order' => array('Job.id' => 'desc')
                ));
-                $dir = new Folder(APP . 'tmp/cached_exports/' . $k);
+                $dir = new Folder(APP . 'tmp/cached_exports/' . $k, true);
                if ($k === 'text') {
                    // Since all of the text export files are generated together, we might as well just check for a single one md5.
                    $file = new File($dir->pwd() . DS . 'misp.text_md5.' . $org_name . $type['extension']);
--- a/app/files/scripts/stix2/misp2stix2.py
+++ b/app/files/scripts/stix2/misp2stix2.py
@ -464,6 +464,11 @@ class StixBuilder():
        pattern = mispTypesMapping[attribute_type]['pattern'](attribute_type, attribute_value, b64encode(attribute.data.getbuffer()).decode()[1:-1]) if ('data' in attribute and attribute.data) else self.define_pattern(attribute_type, attribute_value)
        indicator_args = {'id': indicator_id, 'type': 'indicator', 'labels': labels, 'kill_chain_phases': killchain,
                           'valid_from': self.misp_event.date, 'created_by_ref': self.identity_id, 'pattern': pattern}
+        if hasattr(attribute, 'Sighting'):
+            for sighting in attribute.Sighting:
+                if sighting['Organisation']['name'] == self.misp_event.Orgc.name and sighting['type'] == "2":
+                    indicator_args['valid_until'] = datetime.datetime.fromtimestamp(int(sighting['date_sighting']), datetime.timezone.utc).isoformat()
+                    break
        if hasattr(attribute, 'comment') and attribute.comment:
            indicator_args['description'] = attribute.comment
        indicator = Indicator(**indicator_args)
--- a/app/files/scripts/stix2/stix2misp.py
+++ b/app/files/scripts/stix2/stix2misp.py
@ -237,9 +237,10 @@ class StixParser():
        self.misp_event.add_object(**misp_object)

    def parse_attribute(self, o, labels):
+        attribute_uuid = o['id'].split('--')[1]
        attribute_type = self.get_misp_type(labels)
        attribute_category = self.get_misp_category(labels)
-        attribute = {'type': attribute_type, 'category': attribute_category}
+        attribute = {'uuid': attribute_uuid, 'type': attribute_type, 'category': attribute_category}
        tags = [{'name': label} for label in labels[3:]]
        if tags:
            attribute['Tag'] = tags
@ -248,19 +249,21 @@ class StixParser():
            value = o.get('name')
        else:
            if stix_type == 'indicator':
-                o_date = o.get('valid_from')
+                if hasattr(o, 'valid_until'):
+                    org_uuid = o['created_by_ref'].split('--')[1]
+                    attribute['Sighting'] = [{'type': '2', 'date_sighting': str(self.getTimestampfromDate(o['valid_until'])),
+                                             'Organisation': {'uuid': org_uuid, 'name': self.event['identity'][org_uuid]['name']}}]
                pattern = o.get('pattern').replace('\\\\', '\\')
                value = self.parse_pattern_with_data(pattern) if attribute_type in ('malware-sample', 'attachment') else self.parse_pattern(pattern)
                attribute['to_ids'] = True
            else:
-                o_date = o.get('first_observed')
+                attribute['timestamp'] = self.getTimestampfromDate(o.get('last_observed'))
                observable = o.get('objects')
                try:
                    value = self.parse_observable(observable, attribute_type)
                except Exception:
                    print('Error with attribute type {}:\n{}'.format(attribute_type, observable), file=sys.stderr)
                attribute['to_ids'] = False
-            attribute['timestamp'] = self.getTimestampfromDate(o_date)
        if 'description' in o:
            attribute['comment'] = o.get('description')
        if isinstance(value, tuple):